Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/src/share/classes/sun/security/ssl/CipherSuite.java
38830 views
/*1* Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/2425package sun.security.ssl;2627import java.util.ArrayList;28import java.util.Arrays;29import java.util.Collection;30import java.util.Collections;31import java.util.LinkedList;32import java.util.List;33import static sun.security.ssl.CipherSuite.HashAlg.*;34import static sun.security.ssl.CipherSuite.KeyExchange.*;35import static sun.security.ssl.CipherSuite.MacAlg.*;36import static sun.security.ssl.SSLCipher.*;37import sun.security.ssl.SupportedGroupsExtension.NamedGroupType;38import static sun.security.ssl.SupportedGroupsExtension.NamedGroupType.*;3940/**41* Enum for SSL/TLS cipher suites.42*43* Please refer to the "TLS Cipher Suite Registry" section for more details44* about each cipher suite:45* https://www.iana.org/assignments/tls-parameters/tls-parameters.xml46*/47enum CipherSuite {48//49// in preference order50//5152// Definition of the CipherSuites that are enabled by default.53//54// They are listed in preference order, most preferred first, using55// the following criteria:56// 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be57// changed later, see below).58// 2. Prefer the stronger bulk cipher, in the order of AES_256(GCM),59// AES_128(GCM), AES_256, AES_128, 3DES-EDE.60// 3. Prefer the stronger MAC algorithm, in the order of SHA384,61// SHA256, SHA, MD5.62// 4. Prefer the better performance of key exchange and digital63// signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,64// RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS.6566TLS_AES_128_GCM_SHA256(670x1301, true, "TLS_AES_128_GCM_SHA256",68ProtocolVersion.PROTOCOLS_OF_13, B_AES_128_GCM_IV, H_SHA256),69TLS_AES_256_GCM_SHA384(700x1302, true, "TLS_AES_256_GCM_SHA384",71ProtocolVersion.PROTOCOLS_OF_13, B_AES_256_GCM_IV, H_SHA384),7273// Suite B compliant cipher suites, see RFC 6460.74//75// Note that, at present this provider is not Suite B compliant. The76// preference order of the GCM cipher suites does not follow the spec77// of RFC 6460. In this section, only two cipher suites are listed78// so that applications can make use of Suite-B compliant cipher79// suite firstly.80TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(810xC02C, true, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "",82ProtocolVersion.PROTOCOLS_OF_12,83K_ECDHE_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384),84TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(850xC02B, true, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "",86ProtocolVersion.PROTOCOLS_OF_12,87K_ECDHE_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256),8889// AES_256(GCM)90TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(910xC030, true, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "",92ProtocolVersion.PROTOCOLS_OF_12,93K_ECDHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384),94TLS_RSA_WITH_AES_256_GCM_SHA384(950x009D, true, "TLS_RSA_WITH_AES_256_GCM_SHA384", "",96ProtocolVersion.PROTOCOLS_OF_12,97K_RSA, B_AES_256_GCM, M_NULL, H_SHA384),98TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(990xC02E, true, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "",100ProtocolVersion.PROTOCOLS_OF_12,101K_ECDH_ECDSA, B_AES_256_GCM, M_NULL, H_SHA384),102TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(1030xC032, true, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "",104ProtocolVersion.PROTOCOLS_OF_12,105K_ECDH_RSA, B_AES_256_GCM, M_NULL, H_SHA384),106TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(1070x009F, true, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "",108ProtocolVersion.PROTOCOLS_OF_12,109K_DHE_RSA, B_AES_256_GCM, M_NULL, H_SHA384),110TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(1110x00A3, true, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", "",112ProtocolVersion.PROTOCOLS_OF_12,113K_DHE_DSS, B_AES_256_GCM, M_NULL, H_SHA384),114115// AES_128(GCM)116TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(1170xC02F, true, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "",118ProtocolVersion.PROTOCOLS_OF_12,119K_ECDHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256),120TLS_RSA_WITH_AES_128_GCM_SHA256(1210x009C, true, "TLS_RSA_WITH_AES_128_GCM_SHA256", "",122ProtocolVersion.PROTOCOLS_OF_12,123K_RSA, B_AES_128_GCM, M_NULL, H_SHA256),124TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(1250xC02D, true, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "",126ProtocolVersion.PROTOCOLS_OF_12,127K_ECDH_ECDSA, B_AES_128_GCM, M_NULL, H_SHA256),128TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(1290xC031, true, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "",130ProtocolVersion.PROTOCOLS_OF_12,131K_ECDH_RSA, B_AES_128_GCM, M_NULL, H_SHA256),132TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(1330x009E, true, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "",134ProtocolVersion.PROTOCOLS_OF_12,135K_DHE_RSA, B_AES_128_GCM, M_NULL, H_SHA256),136TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(1370x00A2, true, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "",138ProtocolVersion.PROTOCOLS_OF_12,139K_DHE_DSS, B_AES_128_GCM, M_NULL, H_SHA256),140141// AES_256(CBC)142TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(1430xC024, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "",144ProtocolVersion.PROTOCOLS_OF_12,145K_ECDHE_ECDSA, B_AES_256, M_SHA384, H_SHA384),146TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(1470xC028, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "",148ProtocolVersion.PROTOCOLS_OF_12,149K_ECDHE_RSA, B_AES_256, M_SHA384, H_SHA384),150TLS_RSA_WITH_AES_256_CBC_SHA256(1510x003D, true, "TLS_RSA_WITH_AES_256_CBC_SHA256", "",152ProtocolVersion.PROTOCOLS_OF_12,153K_RSA, B_AES_256, M_SHA256, H_SHA256),154TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(1550xC026, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "",156ProtocolVersion.PROTOCOLS_OF_12,157K_ECDH_ECDSA, B_AES_256, M_SHA384, H_SHA384),158TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(1590xC02A, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "",160ProtocolVersion.PROTOCOLS_OF_12,161K_ECDH_RSA, B_AES_256, M_SHA384, H_SHA384),162TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(1630x006B, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "",164ProtocolVersion.PROTOCOLS_OF_12,165K_DHE_RSA, B_AES_256, M_SHA256, H_SHA256),166TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(1670x006A, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "",168ProtocolVersion.PROTOCOLS_OF_12,169K_DHE_DSS, B_AES_256, M_SHA256, H_SHA256),170171TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(1720xC00A, true, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "",173ProtocolVersion.PROTOCOLS_TO_12,174K_ECDHE_ECDSA, B_AES_256, M_SHA, H_SHA256),175TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(1760xC014, true, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "",177ProtocolVersion.PROTOCOLS_TO_12,178K_ECDHE_RSA, B_AES_256, M_SHA, H_SHA256),179TLS_RSA_WITH_AES_256_CBC_SHA(1800x0035, true, "TLS_RSA_WITH_AES_256_CBC_SHA", "",181ProtocolVersion.PROTOCOLS_TO_12,182K_RSA, B_AES_256, M_SHA, H_SHA256),183TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(1840xC005, true, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "",185ProtocolVersion.PROTOCOLS_TO_12,186K_ECDH_ECDSA, B_AES_256, M_SHA, H_SHA256),187TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(1880xC00F, true, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "",189ProtocolVersion.PROTOCOLS_TO_12,190K_ECDH_RSA, B_AES_256, M_SHA, H_SHA256),191TLS_DHE_RSA_WITH_AES_256_CBC_SHA(1920x0039, true, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "",193ProtocolVersion.PROTOCOLS_TO_12,194K_DHE_RSA, B_AES_256, M_SHA, H_SHA256),195TLS_DHE_DSS_WITH_AES_256_CBC_SHA(1960x0038, true, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "",197ProtocolVersion.PROTOCOLS_TO_12,198K_DHE_DSS, B_AES_256, M_SHA, H_SHA256),199200// AES_128(CBC)201TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(2020xC023, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "",203ProtocolVersion.PROTOCOLS_OF_12,204K_ECDHE_ECDSA, B_AES_128, M_SHA256, H_SHA256),205TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(2060xC027, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "",207ProtocolVersion.PROTOCOLS_OF_12,208K_ECDHE_RSA, B_AES_128, M_SHA256, H_SHA256),209TLS_RSA_WITH_AES_128_CBC_SHA256(2100x003C, true, "TLS_RSA_WITH_AES_128_CBC_SHA256", "",211ProtocolVersion.PROTOCOLS_OF_12,212K_RSA, B_AES_128, M_SHA256, H_SHA256),213TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(2140xC025, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "",215ProtocolVersion.PROTOCOLS_OF_12,216K_ECDH_ECDSA, B_AES_128, M_SHA256, H_SHA256),217TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(2180xC029, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "",219ProtocolVersion.PROTOCOLS_OF_12,220K_ECDH_RSA, B_AES_128, M_SHA256, H_SHA256),221TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(2220x0067, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "",223ProtocolVersion.PROTOCOLS_OF_12,224K_DHE_RSA, B_AES_128, M_SHA256, H_SHA256),225TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(2260x0040, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "",227ProtocolVersion.PROTOCOLS_OF_12,228K_DHE_DSS, B_AES_128, M_SHA256, H_SHA256),229230TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(2310xC009, true, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "",232ProtocolVersion.PROTOCOLS_TO_12,233K_ECDHE_ECDSA, B_AES_128, M_SHA, H_SHA256),234TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(2350xC013, true, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "",236ProtocolVersion.PROTOCOLS_TO_12,237K_ECDHE_RSA, B_AES_128, M_SHA, H_SHA256),238TLS_RSA_WITH_AES_128_CBC_SHA(2390x002F, true, "TLS_RSA_WITH_AES_128_CBC_SHA", "",240ProtocolVersion.PROTOCOLS_TO_12,241K_RSA, B_AES_128, M_SHA, H_SHA256),242TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(2430xC004, true, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "",244ProtocolVersion.PROTOCOLS_TO_12,245K_ECDH_ECDSA, B_AES_128, M_SHA, H_SHA256),246TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(2470xC00E, true, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "",248ProtocolVersion.PROTOCOLS_TO_12,249K_ECDH_RSA, B_AES_128, M_SHA, H_SHA256),250TLS_DHE_RSA_WITH_AES_128_CBC_SHA(2510x0033, true, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "",252ProtocolVersion.PROTOCOLS_TO_12,253K_DHE_RSA, B_AES_128, M_SHA, H_SHA256),254TLS_DHE_DSS_WITH_AES_128_CBC_SHA(2550x0032, true, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "",256ProtocolVersion.PROTOCOLS_TO_12,257K_DHE_DSS, B_AES_128, M_SHA, H_SHA256),258259// 3DES_EDE260TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(2610xC008, true, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "",262ProtocolVersion.PROTOCOLS_TO_12,263K_ECDHE_ECDSA, B_3DES, M_SHA, H_SHA256),264TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(2650xC012, true, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "",266ProtocolVersion.PROTOCOLS_TO_12,267K_ECDHE_RSA, B_3DES, M_SHA, H_SHA256),268SSL_RSA_WITH_3DES_EDE_CBC_SHA(2690x000A, true, "SSL_RSA_WITH_3DES_EDE_CBC_SHA",270"TLS_RSA_WITH_3DES_EDE_CBC_SHA",271ProtocolVersion.PROTOCOLS_TO_12,272K_RSA, B_3DES, M_SHA, H_SHA256),273TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA(2740xC003, true, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "",275ProtocolVersion.PROTOCOLS_TO_12,276K_ECDH_ECDSA, B_3DES, M_SHA, H_SHA256),277TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA(2780xC00D, true, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "",279ProtocolVersion.PROTOCOLS_TO_12,280K_ECDH_RSA, B_3DES, M_SHA, H_SHA256),281SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA(2820x0016, true, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",283"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",284ProtocolVersion.PROTOCOLS_TO_12,285K_DHE_RSA, B_3DES, M_SHA, H_SHA256),286SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA(2870x0013, true, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",288"TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",289ProtocolVersion.PROTOCOLS_TO_12,290K_DHE_DSS, B_3DES, M_SHA, H_SHA256),291292// Renegotiation protection request Signalling Cipher Suite Value (SCSV).293TLS_EMPTY_RENEGOTIATION_INFO_SCSV( // RFC 5746, TLS 1.2 and prior2940x00FF, true, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV", "",295ProtocolVersion.PROTOCOLS_TO_12,296K_SCSV, B_NULL, M_NULL, H_NONE),297298// Definition of the CipherSuites that are supported but not enabled299// by default.300// They are listed in preference order, preferred first, using the301// following criteria:302// 1. If a cipher suite has been obsoleted, we put it at the end of303// the list.304// 2. Prefer the stronger bulk cipher, in the order of AES_256,305// AES_128, 3DES-EDE, RC-4, DES, DES40, RC4_40, NULL.306// 3. Prefer the stronger MAC algorithm, in the order of SHA384,307// SHA256, SHA, MD5.308// 4. Prefer the better performance of key exchange and digital309// signature algorithm, in the order of ECDHE-ECDSA, ECDHE-RSA,310// RSA, ECDH-ECDSA, ECDH-RSA, DHE-RSA, DHE-DSS, anonymous.311TLS_DH_anon_WITH_AES_256_GCM_SHA384(3120x00A7, false, "TLS_DH_anon_WITH_AES_256_GCM_SHA384", "",313ProtocolVersion.PROTOCOLS_OF_12,314K_DH_ANON, B_AES_256_GCM, M_NULL, H_SHA384),315TLS_DH_anon_WITH_AES_128_GCM_SHA256(3160x00A6, false, "TLS_DH_anon_WITH_AES_128_GCM_SHA256", "",317ProtocolVersion.PROTOCOLS_OF_12,318K_DH_ANON, B_AES_128_GCM, M_NULL, H_SHA256),319TLS_DH_anon_WITH_AES_256_CBC_SHA256(3200x006D, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA256", "",321ProtocolVersion.PROTOCOLS_OF_12,322K_DH_ANON, B_AES_256, M_SHA256, H_SHA256),323TLS_ECDH_anon_WITH_AES_256_CBC_SHA(3240xC019, false, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", "",325ProtocolVersion.PROTOCOLS_TO_12,326K_ECDH_ANON, B_AES_256, M_SHA, H_SHA256),327TLS_DH_anon_WITH_AES_256_CBC_SHA(3280x003A, false, "TLS_DH_anon_WITH_AES_256_CBC_SHA", "",329ProtocolVersion.PROTOCOLS_TO_12,330K_DH_ANON, B_AES_256, M_SHA, H_SHA256),331TLS_DH_anon_WITH_AES_128_CBC_SHA256(3320x006C, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA256", "",333ProtocolVersion.PROTOCOLS_OF_12,334K_DH_ANON, B_AES_128, M_SHA256, H_SHA256),335TLS_ECDH_anon_WITH_AES_128_CBC_SHA(3360xC018, false, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", "",337ProtocolVersion.PROTOCOLS_TO_12,338K_ECDH_ANON, B_AES_128, M_SHA, H_SHA256),339TLS_DH_anon_WITH_AES_128_CBC_SHA(3400x0034, false, "TLS_DH_anon_WITH_AES_128_CBC_SHA", "",341ProtocolVersion.PROTOCOLS_TO_12,342K_DH_ANON, B_AES_128, M_SHA, H_SHA256),343TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA(3440xC017, false, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", "",345ProtocolVersion.PROTOCOLS_TO_12,346K_ECDH_ANON, B_3DES, M_SHA, H_SHA256),347SSL_DH_anon_WITH_3DES_EDE_CBC_SHA(3480x001B, false, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",349"TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",350ProtocolVersion.PROTOCOLS_TO_12,351K_DH_ANON, B_3DES, M_SHA, H_SHA256),352353// RC4354TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(3550xC007, false, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "",356ProtocolVersion.PROTOCOLS_TO_TLS12,357K_ECDHE_ECDSA, B_RC4_128, M_SHA, H_SHA256),358TLS_ECDHE_RSA_WITH_RC4_128_SHA(3590xC011, false, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "",360ProtocolVersion.PROTOCOLS_TO_TLS12,361K_ECDHE_RSA, B_RC4_128, M_SHA, H_SHA256),362SSL_RSA_WITH_RC4_128_SHA(3630x0005, false, "SSL_RSA_WITH_RC4_128_SHA",364"TLS_RSA_WITH_RC4_128_SHA",365ProtocolVersion.PROTOCOLS_TO_TLS12,366K_RSA, B_RC4_128, M_SHA, H_SHA256),367TLS_ECDH_ECDSA_WITH_RC4_128_SHA(3680xC002, false, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "",369ProtocolVersion.PROTOCOLS_TO_TLS12,370K_ECDH_ECDSA, B_RC4_128, M_SHA, H_SHA256),371TLS_ECDH_RSA_WITH_RC4_128_SHA(3720xC00C, false, "TLS_ECDH_RSA_WITH_RC4_128_SHA", "",373ProtocolVersion.PROTOCOLS_TO_TLS12,374K_ECDH_RSA, B_RC4_128, M_SHA, H_SHA256),375SSL_RSA_WITH_RC4_128_MD5(3760x0004, false, "SSL_RSA_WITH_RC4_128_MD5",377"TLS_RSA_WITH_RC4_128_MD5",378ProtocolVersion.PROTOCOLS_TO_TLS12,379K_RSA, B_RC4_128, M_MD5, H_SHA256),380TLS_ECDH_anon_WITH_RC4_128_SHA(3810xC016, false, "TLS_ECDH_anon_WITH_RC4_128_SHA", "",382ProtocolVersion.PROTOCOLS_TO_TLS12,383K_ECDH_ANON, B_RC4_128, M_SHA, H_SHA256),384SSL_DH_anon_WITH_RC4_128_MD5(3850x0018, false, "SSL_DH_anon_WITH_RC4_128_MD5",386"TLS_DH_anon_WITH_RC4_128_MD5",387ProtocolVersion.PROTOCOLS_TO_TLS12,388K_DH_ANON, B_RC4_128, M_MD5, H_SHA256),389390// Weak cipher suites obsoleted in TLS 1.2 [RFC 5246]391SSL_RSA_WITH_DES_CBC_SHA(3920x0009, false, "SSL_RSA_WITH_DES_CBC_SHA",393"TLS_RSA_WITH_DES_CBC_SHA",394ProtocolVersion.PROTOCOLS_TO_11,395K_RSA, B_DES, M_SHA, H_NONE),396SSL_DHE_RSA_WITH_DES_CBC_SHA(3970x0015, false, "SSL_DHE_RSA_WITH_DES_CBC_SHA",398"TLS_DHE_RSA_WITH_DES_CBC_SHA",399ProtocolVersion.PROTOCOLS_TO_11,400K_DHE_RSA, B_DES, M_SHA, H_NONE),401SSL_DHE_DSS_WITH_DES_CBC_SHA(4020x0012, false, "SSL_DHE_DSS_WITH_DES_CBC_SHA",403"TLS_DHE_DSS_WITH_DES_CBC_SHA",404ProtocolVersion.PROTOCOLS_TO_11,405K_DHE_DSS, B_DES, M_SHA, H_NONE),406SSL_DH_anon_WITH_DES_CBC_SHA(4070x001A, false, "SSL_DH_anon_WITH_DES_CBC_SHA",408"TLS_DH_anon_WITH_DES_CBC_SHA",409ProtocolVersion.PROTOCOLS_TO_11,410K_DH_ANON, B_DES, M_SHA, H_NONE),411412// Weak cipher suites obsoleted in TLS 1.1 [RFC 4346]413SSL_RSA_EXPORT_WITH_DES40_CBC_SHA(4140x0008, false, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",415"TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",416ProtocolVersion.PROTOCOLS_TO_10,417K_RSA_EXPORT, B_DES_40, M_SHA, H_NONE),418SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA(4190x0014, false, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",420"TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",421ProtocolVersion.PROTOCOLS_TO_10,422K_DHE_RSA_EXPORT, B_DES_40, M_SHA, H_NONE),423SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA(4240x0011, false, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",425"TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",426ProtocolVersion.PROTOCOLS_TO_10,427K_DHE_DSS_EXPORT, B_DES_40, M_SHA, H_NONE),428SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA(4290x0019, false, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",430"TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",431ProtocolVersion.PROTOCOLS_TO_10,432K_DH_ANON_EXPORT, B_DES_40, M_SHA, H_NONE),433SSL_RSA_EXPORT_WITH_RC4_40_MD5(4340x0003, false, "SSL_RSA_EXPORT_WITH_RC4_40_MD5",435"TLS_RSA_EXPORT_WITH_RC4_40_MD5",436ProtocolVersion.PROTOCOLS_TO_10,437K_RSA_EXPORT, B_RC4_40, M_MD5, H_NONE),438SSL_DH_anon_EXPORT_WITH_RC4_40_MD5(4390x0017, false, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",440"TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",441ProtocolVersion.PROTOCOLS_TO_10,442K_DH_ANON, B_RC4_40, M_MD5, H_NONE),443444// No traffic encryption cipher suites445TLS_RSA_WITH_NULL_SHA256(4460x003B, false, "TLS_RSA_WITH_NULL_SHA256", "",447ProtocolVersion.PROTOCOLS_OF_12,448K_RSA, B_NULL, M_SHA256, H_SHA256),449TLS_ECDHE_ECDSA_WITH_NULL_SHA(4500xC006, false, "TLS_ECDHE_ECDSA_WITH_NULL_SHA", "",451ProtocolVersion.PROTOCOLS_TO_12,452K_ECDHE_ECDSA, B_NULL, M_SHA, H_SHA256),453TLS_ECDHE_RSA_WITH_NULL_SHA(4540xC010, false, "TLS_ECDHE_RSA_WITH_NULL_SHA", "",455ProtocolVersion.PROTOCOLS_TO_12,456K_ECDHE_RSA, B_NULL, M_SHA, H_SHA256),457SSL_RSA_WITH_NULL_SHA(4580x0002, false, "SSL_RSA_WITH_NULL_SHA",459"TLS_RSA_WITH_NULL_SHA",460ProtocolVersion.PROTOCOLS_TO_12,461K_RSA, B_NULL, M_SHA, H_SHA256),462TLS_ECDH_ECDSA_WITH_NULL_SHA(4630xC001, false, "TLS_ECDH_ECDSA_WITH_NULL_SHA", "",464ProtocolVersion.PROTOCOLS_TO_12,465K_ECDH_ECDSA, B_NULL, M_SHA, H_SHA256),466TLS_ECDH_RSA_WITH_NULL_SHA(4670xC00B, false, "TLS_ECDH_RSA_WITH_NULL_SHA", "",468ProtocolVersion.PROTOCOLS_TO_12,469K_ECDH_RSA, B_NULL, M_SHA, H_SHA256),470TLS_ECDH_anon_WITH_NULL_SHA(4710xC015, false, "TLS_ECDH_anon_WITH_NULL_SHA", "",472ProtocolVersion.PROTOCOLS_TO_12,473K_ECDH_ANON, B_NULL, M_SHA, H_SHA256),474SSL_RSA_WITH_NULL_MD5(4750x0001, false, "SSL_RSA_WITH_NULL_MD5",476"TLS_RSA_WITH_NULL_MD5",477ProtocolVersion.PROTOCOLS_TO_12,478K_RSA, B_NULL, M_MD5, H_SHA256),479480481// Supported Kerberos ciphersuites from RFC2712482TLS_KRB5_WITH_3DES_EDE_CBC_SHA(4830x001f, false, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA", "",484ProtocolVersion.PROTOCOLS_TO_12,485K_KRB5, B_3DES, M_SHA, H_SHA256),486TLS_KRB5_WITH_3DES_EDE_CBC_MD5(4870x0023, false, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5", "",488ProtocolVersion.PROTOCOLS_TO_12,489K_KRB5, B_3DES, M_MD5, H_SHA256),490TLS_KRB5_WITH_RC4_128_SHA(4910x0020, false, "TLS_KRB5_WITH_RC4_128_SHA", "",492ProtocolVersion.PROTOCOLS_TO_12,493K_KRB5, B_RC4_128, M_SHA, H_SHA256),494TLS_KRB5_WITH_RC4_128_MD5(4950x0024, false, "TLS_KRB5_WITH_RC4_128_MD5", "",496ProtocolVersion.PROTOCOLS_TO_12,497K_KRB5, B_RC4_128, M_MD5, H_SHA256),498TLS_KRB5_WITH_DES_CBC_SHA(4990x001e, false, "TLS_KRB5_WITH_DES_CBC_SHA", "",500ProtocolVersion.PROTOCOLS_TO_11,501K_KRB5, B_DES, M_SHA, H_SHA256),502TLS_KRB5_WITH_DES_CBC_MD5(5030x0022, false, "TLS_KRB5_WITH_DES_CBC_MD5", "",504ProtocolVersion.PROTOCOLS_TO_11,505K_KRB5, B_DES, M_MD5, H_SHA256),506TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA(5070x0026, false, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", "",508ProtocolVersion.PROTOCOLS_TO_10,509K_KRB5_EXPORT, B_DES_40, M_SHA, H_SHA256),510TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5(5110x0029, false, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", "",512ProtocolVersion.PROTOCOLS_TO_10,513K_KRB5_EXPORT, B_DES_40, M_MD5, H_SHA256),514TLS_KRB5_EXPORT_WITH_RC4_40_SHA(5150x0028, false, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA", "",516ProtocolVersion.PROTOCOLS_TO_10,517K_KRB5_EXPORT, B_RC4_40, M_SHA, H_SHA256),518TLS_KRB5_EXPORT_WITH_RC4_40_MD5(5190x002B, false, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5", "",520ProtocolVersion.PROTOCOLS_TO_10,521K_KRB5_EXPORT, B_RC4_40, M_MD5, H_SHA256),522523// Definition of the cipher suites that are not supported but the names524// are known.525TLS_CHACHA20_POLY1305_SHA256( // TLS 1.3526"TLS_CHACHA20_POLY1305_SHA256", 0x1303),527TLS_AES_128_CCM_SHA256( // TLS 1.3528"TLS_AES_128_CCM_SHA256", 0x1304),529TLS_AES_128_CCM_8_SHA256( // TLS 1.3530"TLS_AES_128_CCM_8_SHA256", 0x1305),531532// Remaining unsupported cipher suites defined in RFC2246.533CS_0006("SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", 0x0006),534CS_0007("SSL_RSA_WITH_IDEA_CBC_SHA", 0x0007),535CS_000B("SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x000b),536CS_000C("SSL_DH_DSS_WITH_DES_CBC_SHA", 0x000c),537CS_000D("SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA", 0x000d),538CS_000E("SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x000e),539CS_000F("SSL_DH_RSA_WITH_DES_CBC_SHA", 0x000f),540CS_0010("SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", 0x0010),541542// SSL 3.0 Fortezza cipher suites543CS_001C("SSL_FORTEZZA_DMS_WITH_NULL_SHA", 0x001c),544CS_001D("SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA", 0x001d),545546// 1024/56 bit exportable cipher suites from expired internet draft547CS_0062("SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA", 0x0062),548CS_0063("SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", 0x0063),549CS_0064("SSL_RSA_EXPORT1024_WITH_RC4_56_SHA", 0x0064),550CS_0065("SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", 0x0065),551CS_0066("SSL_DHE_DSS_WITH_RC4_128_SHA", 0x0066),552553// Netscape old and new SSL 3.0 FIPS cipher suites554// see http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html555CS_FFE0("NETSCAPE_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xffe0),556CS_FFE1("NETSCAPE_RSA_FIPS_WITH_DES_CBC_SHA", 0xffe1),557CS_FEFE("SSL_RSA_FIPS_WITH_DES_CBC_SHA", 0xfefe),558CS_FEFF("SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA", 0xfeff),559560// Unsupported Kerberos cipher suites from RFC 2712561CS_0021("TLS_KRB5_WITH_IDEA_CBC_SHA", 0x0021),562CS_0025("TLS_KRB5_WITH_IDEA_CBC_MD5", 0x0025),563CS_0027("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", 0x0027),564CS_002A("TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5", 0x002a),565566// Unsupported cipher suites from RFC 4162567CS_0096("TLS_RSA_WITH_SEED_CBC_SHA", 0x0096),568CS_0097("TLS_DH_DSS_WITH_SEED_CBC_SHA", 0x0097),569CS_0098("TLS_DH_RSA_WITH_SEED_CBC_SHA", 0x0098),570CS_0099("TLS_DHE_DSS_WITH_SEED_CBC_SHA", 0x0099),571CS_009A("TLS_DHE_RSA_WITH_SEED_CBC_SHA", 0x009a),572CS_009B("TLS_DH_anon_WITH_SEED_CBC_SHA", 0x009b),573574// Unsupported cipher suites from RFC 4279575CS_008A("TLS_PSK_WITH_RC4_128_SHA", 0x008a),576CS_008B("TLS_PSK_WITH_3DES_EDE_CBC_SHA", 0x008b),577CS_008C("TLS_PSK_WITH_AES_128_CBC_SHA", 0x008c),578CS_008D("TLS_PSK_WITH_AES_256_CBC_SHA", 0x008d),579CS_008E("TLS_DHE_PSK_WITH_RC4_128_SHA", 0x008e),580CS_008F("TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA", 0x008f),581CS_0090("TLS_DHE_PSK_WITH_AES_128_CBC_SHA", 0x0090),582CS_0091("TLS_DHE_PSK_WITH_AES_256_CBC_SHA", 0x0091),583CS_0092("TLS_RSA_PSK_WITH_RC4_128_SHA", 0x0092),584CS_0093("TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA", 0x0093),585CS_0094("TLS_RSA_PSK_WITH_AES_128_CBC_SHA", 0x0094),586CS_0095("TLS_RSA_PSK_WITH_AES_256_CBC_SHA", 0x0095),587588// Unsupported cipher suites from RFC 4785589CS_002C("TLS_PSK_WITH_NULL_SHA", 0x002c),590CS_002D("TLS_DHE_PSK_WITH_NULL_SHA", 0x002d),591CS_002E("TLS_RSA_PSK_WITH_NULL_SHA", 0x002e),592593// Unsupported cipher suites from RFC 5246594CS_0030("TLS_DH_DSS_WITH_AES_128_CBC_SHA", 0x0030),595CS_0031("TLS_DH_RSA_WITH_AES_128_CBC_SHA", 0x0031),596CS_0036("TLS_DH_DSS_WITH_AES_256_CBC_SHA", 0x0036),597CS_0037("TLS_DH_RSA_WITH_AES_256_CBC_SHA", 0x0037),598CS_003E("TLS_DH_DSS_WITH_AES_128_CBC_SHA256", 0x003e),599CS_003F("TLS_DH_RSA_WITH_AES_128_CBC_SHA256", 0x003f),600CS_0068("TLS_DH_DSS_WITH_AES_256_CBC_SHA256", 0x0068),601CS_0069("TLS_DH_RSA_WITH_AES_256_CBC_SHA256", 0x0069),602603// Unsupported cipher suites from RFC 5288604CS_00A0("TLS_DH_RSA_WITH_AES_128_GCM_SHA256", 0x00a0),605CS_00A1("TLS_DH_RSA_WITH_AES_256_GCM_SHA384", 0x00a1),606CS_00A4("TLS_DH_DSS_WITH_AES_128_GCM_SHA256", 0x00a4),607CS_00A5("TLS_DH_DSS_WITH_AES_256_GCM_SHA384", 0x00a5),608609// Unsupported cipher suites from RFC 5487610CS_00A8("TLS_PSK_WITH_AES_128_GCM_SHA256", 0x00a8),611CS_00A9("TLS_PSK_WITH_AES_256_GCM_SHA384", 0x00a9),612CS_00AA("TLS_DHE_PSK_WITH_AES_128_GCM_SHA256", 0x00aa),613CS_00AB("TLS_DHE_PSK_WITH_AES_256_GCM_SHA384", 0x00ab),614CS_00AC("TLS_RSA_PSK_WITH_AES_128_GCM_SHA256", 0x00ac),615CS_00AD("TLS_RSA_PSK_WITH_AES_256_GCM_SHA384", 0x00ad),616CS_00AE("TLS_PSK_WITH_AES_128_CBC_SHA256", 0x00ae),617CS_00AF("TLS_PSK_WITH_AES_256_CBC_SHA384", 0x00af),618CS_00B0("TLS_PSK_WITH_NULL_SHA256", 0x00b0),619CS_00B1("TLS_PSK_WITH_NULL_SHA384", 0x00b1),620CS_00B2("TLS_DHE_PSK_WITH_AES_128_CBC_SHA256", 0x00b2),621CS_00B3("TLS_DHE_PSK_WITH_AES_256_CBC_SHA384", 0x00b3),622CS_00B4("TLS_DHE_PSK_WITH_NULL_SHA256", 0x00b4),623CS_00B5("TLS_DHE_PSK_WITH_NULL_SHA384", 0x00b5),624CS_00B6("TLS_RSA_PSK_WITH_AES_128_CBC_SHA256", 0x00b6),625CS_00B7("TLS_RSA_PSK_WITH_AES_256_CBC_SHA384", 0x00b7),626CS_00B8("TLS_RSA_PSK_WITH_NULL_SHA256", 0x00b8),627CS_00B9("TLS_RSA_PSK_WITH_NULL_SHA384", 0x00b9),628629// Unsupported cipher suites from RFC 5932630CS_0041("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0041),631CS_0042("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0042),632CS_0043("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0043),633CS_0044("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", 0x0044),634CS_0045("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", 0x0045),635CS_0046("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA", 0x0046),636CS_0084("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0084),637CS_0085("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0085),638CS_0086("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0086),639CS_0087("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", 0x0087),640CS_0088("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", 0x0088),641CS_0089("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA", 0x0089),642CS_00BA("TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00ba),643CS_00BB("TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bb),644CS_00BC("TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00bc),645CS_00BD("TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256", 0x00bd),646CS_00BE("TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0x00be),647CS_00BF("TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256", 0x00bf),648CS_00C0("TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c0),649CS_00C1("TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c1),650CS_00C2("TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c2),651CS_00C3("TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256", 0x00c3),652CS_00C4("TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256", 0x00c4),653CS_00C5("TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256", 0x00c5),654655// TLS Fallback Signaling Cipher Suite Value (SCSV) RFC 7507656CS_5600("TLS_FALLBACK_SCSV", 0x5600),657658// Unsupported cipher suites from RFC 5054659CS_C01A("TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA", 0xc01a),660CS_C01B("TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", 0xc01b),661CS_C01C("TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", 0xc01c),662CS_C01D("TLS_SRP_SHA_WITH_AES_128_CBC_SHA", 0xc01d),663CS_C01E("TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA", 0xc01e),664CS_C01F("TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA", 0xc01f),665CS_C020("TLS_SRP_SHA_WITH_AES_256_CBC_SHA", 0xc020),666CS_C021("TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA", 0xc021),667CS_C022("TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA", 0xc022),668669// Unsupported cipher suites from RFC 5489670CS_C033("TLS_ECDHE_PSK_WITH_RC4_128_SHA", 0xc033),671CS_C034("TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", 0xc034),672CS_C035("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA", 0xc035),673CS_C036("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA", 0xc036),674CS_C037("TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256", 0xc037),675CS_C038("TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384", 0xc038),676CS_C039("TLS_ECDHE_PSK_WITH_NULL_SHA", 0xc039),677CS_C03A("TLS_ECDHE_PSK_WITH_NULL_SHA256", 0xc03a),678CS_C03B("TLS_ECDHE_PSK_WITH_NULL_SHA384", 0xc03b),679680// Unsupported cipher suites from RFC 6209681CS_C03C("TLS_RSA_WITH_ARIA_128_CBC_SHA256", 0xc03c),682CS_C03D("TLS_RSA_WITH_ARIA_256_CBC_SHA384", 0xc03d),683CS_C03E("TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256", 0xc03e),684CS_C03F("TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384", 0xc03f),685CS_C040("TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256", 0xc040),686CS_C041("TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384", 0xc041),687CS_C042("TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256", 0xc042),688CS_C043("TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384", 0xc043),689CS_C044("TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256", 0xc044),690CS_C045("TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384", 0xc045),691CS_C046("TLS_DH_anon_WITH_ARIA_128_CBC_SHA256", 0xc046),692CS_C047("TLS_DH_anon_WITH_ARIA_256_CBC_SHA384", 0xc047),693CS_C048("TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256", 0xc048),694CS_C049("TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384", 0xc049),695CS_C04A("TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256", 0xc04a),696CS_C04B("TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384", 0xc04b),697CS_C04C("TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256", 0xc04c),698CS_C04D("TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384", 0xc04d),699CS_C04E("TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256", 0xc04e),700CS_C04F("TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384", 0xc04f),701CS_C050("TLS_RSA_WITH_ARIA_128_GCM_SHA256", 0xc050),702CS_C051("TLS_RSA_WITH_ARIA_256_GCM_SHA384", 0xc051),703CS_C052("TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256", 0xc052),704CS_C053("TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384", 0xc053),705CS_C054("TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256", 0xc054),706CS_C055("TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384", 0xc055),707CS_C056("TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256", 0xc056),708CS_C057("TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384", 0xc057),709CS_C058("TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256", 0xc058),710CS_C059("TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384", 0xc059),711CS_C05A("TLS_DH_anon_WITH_ARIA_128_GCM_SHA256", 0xc05a),712CS_C05B("TLS_DH_anon_WITH_ARIA_256_GCM_SHA384", 0xc05b),713CS_C05C("TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", 0xc05c),714CS_C05D("TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", 0xc05d),715CS_C05E("TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256", 0xc05e),716CS_C05F("TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384", 0xc05f),717CS_C060("TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", 0xc060),718CS_C061("TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", 0xc061),719CS_C062("TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256", 0xc062),720CS_C063("TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384", 0xc063),721CS_C064("TLS_PSK_WITH_ARIA_128_CBC_SHA256", 0xc064),722CS_C065("TLS_PSK_WITH_ARIA_256_CBC_SHA384", 0xc065),723CS_C066("TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256", 0xc066),724CS_C067("TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384", 0xc067),725CS_C068("TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256", 0xc068),726CS_C069("TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384", 0xc069),727CS_C06A("TLS_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06a),728CS_C06B("TLS_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06b),729CS_C06C("TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06c),730CS_C06D("TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06d),731CS_C06E("TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256", 0xc06e),732CS_C06F("TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384", 0xc06f),733CS_C070("TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256", 0xc070),734CS_C071("TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384", 0xc071),735736// Unsupported cipher suites from RFC 6367737CS_C072("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc072),738CS_C073("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc073),739CS_C074("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc074),740CS_C075("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc075),741CS_C076("TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc076),742CS_C077("TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc077),743CS_C078("TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256", 0xc078),744CS_C079("TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384", 0xc079),745CS_C07A("TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07a),746CS_C07B("TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07b),747CS_C07C("TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07c),748CS_C07D("TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07d),749CS_C07E("TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc07e),750CS_C07F("TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc07f),751CS_C080("TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256", 0xc080),752CS_C081("TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384", 0xc081),753CS_C082("TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256", 0xc082),754CS_C083("TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384", 0xc083),755CS_C084("TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256", 0xc084),756CS_C085("TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384", 0xc085),757CS_C086("TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc086),758CS_C087("TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc087),759CS_C088("TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc088),760CS_C089("TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc089),761CS_C08A("TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc08a),762CS_C08B("TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc08b),763CS_C08C("TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256", 0xc08c),764CS_C08D("TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384", 0xc08d),765CS_C08E("TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc08e),766CS_C08F("TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc08f),767CS_C090("TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc090),768CS_C091("TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc091),769CS_C092("TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256", 0xc092),770CS_C093("TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384", 0xc093),771CS_C094("TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc094),772CS_C095("TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc095),773CS_C096("TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc096),774CS_C097("TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc097),775CS_C098("TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc098),776CS_C099("TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc099),777CS_C09A("TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256", 0xc09a),778CS_C09B("TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384", 0xc09b),779780// Unsupported cipher suites from RFC 6655781CS_C09C("TLS_RSA_WITH_AES_128_CCM", 0xc09c),782CS_C09D("TLS_RSA_WITH_AES_256_CCM", 0xc09d),783CS_C09E("TLS_DHE_RSA_WITH_AES_128_CCM", 0xc09e),784CS_C09F("TLS_DHE_RSA_WITH_AES_256_CCM", 0xc09f),785CS_C0A0("TLS_RSA_WITH_AES_128_CCM_8", 0xc0A0),786CS_C0A1("TLS_RSA_WITH_AES_256_CCM_8", 0xc0A1),787CS_C0A2("TLS_DHE_RSA_WITH_AES_128_CCM_8", 0xc0A2),788CS_C0A3("TLS_DHE_RSA_WITH_AES_256_CCM_8", 0xc0A3),789CS_C0A4("TLS_PSK_WITH_AES_128_CCM", 0xc0A4),790CS_C0A5("TLS_PSK_WITH_AES_256_CCM", 0xc0A5),791CS_C0A6("TLS_DHE_PSK_WITH_AES_128_CCM", 0xc0A6),792CS_C0A7("TLS_DHE_PSK_WITH_AES_256_CCM", 0xc0A7),793CS_C0A8("TLS_PSK_WITH_AES_128_CCM_8", 0xc0A8),794CS_C0A9("TLS_PSK_WITH_AES_256_CCM_8", 0xc0A9),795CS_C0AA("TLS_PSK_DHE_WITH_AES_128_CCM_8", 0xc0Aa),796CS_C0AB("TLS_PSK_DHE_WITH_AES_256_CCM_8", 0xc0Ab),797798// Unsupported cipher suites from RFC 7251799CS_C0AC("TLS_ECDHE_ECDSA_WITH_AES_128_CCM", 0xc0Ac),800CS_C0AD("TLS_ECDHE_ECDSA_WITH_AES_256_CCM", 0xc0Ad),801CS_C0AE("TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8", 0xc0Ae),802CS_C0AF("TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8", 0xc0Af),803804C_NULL("SSL_NULL_WITH_NULL_NULL", 0x0000);805806final int id;807final boolean isDefaultEnabled;808final String name;809final List<String> aliases;810final List<ProtocolVersion> supportedProtocols;811final KeyExchange keyExchange;812final SSLCipher bulkCipher;813final MacAlg macAlg;814final HashAlg hashAlg;815816final boolean exportable;817818// known but unsupported cipher suite819private CipherSuite(String name, int id) {820this(id, false, name, "",821ProtocolVersion.PROTOCOLS_EMPTY, null, null, null, null);822}823824// TLS 1.3 cipher suite825private CipherSuite(int id, boolean isDefaultEnabled,826String name, ProtocolVersion[] supportedProtocols,827SSLCipher bulkCipher, HashAlg hashAlg) {828this(id, isDefaultEnabled, name, "",829supportedProtocols, null, bulkCipher, M_NULL, hashAlg);830}831832private CipherSuite(int id, boolean isDefaultEnabled,833String name, String aliases,834ProtocolVersion[] supportedProtocols,835KeyExchange keyExchange, SSLCipher cipher,836MacAlg macAlg, HashAlg hashAlg) {837this.id = id;838this.isDefaultEnabled = isDefaultEnabled;839this.name = name;840if (!aliases.isEmpty()) {841this.aliases = Arrays.asList(aliases.split(","));842} else {843this.aliases = Collections.emptyList();844}845this.supportedProtocols = Arrays.asList(supportedProtocols);846this.keyExchange = keyExchange;847this.bulkCipher = cipher;848this.macAlg = macAlg;849this.hashAlg = hashAlg;850851this.exportable = (cipher == null ? false : cipher.exportable);852}853854static CipherSuite nameOf(String ciperSuiteName) {855for (CipherSuite cs : CipherSuite.values()) {856if (cs.name.equals(ciperSuiteName) ||857cs.aliases.contains(ciperSuiteName)) {858return cs;859}860}861862return null;863}864865static CipherSuite valueOf(int id) {866for (CipherSuite cs : CipherSuite.values()) {867if (cs.id == id) {868return cs;869}870}871872return null;873}874875static String nameOf(int id) {876for (CipherSuite cs : CipherSuite.values()) {877if (cs.id == id) {878return cs.name;879}880}881882return "UNKNOWN-CIPHER-SUITE(" + Utilities.byte16HexString(id) + ")";883}884885static Collection<CipherSuite> allowedCipherSuites() {886Collection<CipherSuite> cipherSuites = new LinkedList<>();887for (CipherSuite cs : CipherSuite.values()) {888if (!cs.supportedProtocols.isEmpty()) {889cipherSuites.add(cs);890} else {891// values() is ordered, remaining cipher suites are892// not supported.893break;894}895}896return cipherSuites;897}898899static Collection<CipherSuite> defaultCipherSuites() {900Collection<CipherSuite> cipherSuites = new LinkedList<>();901for (CipherSuite cs : CipherSuite.values()) {902if (cs.isDefaultEnabled) {903cipherSuites.add(cs);904} else {905// values() is ordered, remaining cipher suites are906// not enabled.907break;908}909}910return cipherSuites;911}912913/**914* Validates and converts an array of cipher suite names.915*916* @throws IllegalArgumentException when one or more of the ciphers named917* by the parameter is not supported, or when the parameter is null.918*/919static List<CipherSuite> validValuesOf(String[] names) {920if (names == null) {921throw new IllegalArgumentException("CipherSuites cannot be null");922}923924List<CipherSuite> cipherSuites = new ArrayList<>(names.length);925for (String name : names) {926if (name == null || name.isEmpty()) {927throw new IllegalArgumentException(928"The specified CipherSuites array contains " +929"invalid null or empty string elements");930}931932boolean found = false;933for (CipherSuite cs : CipherSuite.values()) {934if (!cs.supportedProtocols.isEmpty()) {935if (cs.name.equals(name) ||936cs.aliases.contains(name)) {937cipherSuites.add(cs);938found = true;939break;940}941} else {942// values() is ordered, remaining cipher suites are943// not supported.944break;945}946}947if (!found) {948throw new IllegalArgumentException(949"Unsupported CipherSuite: " + name);950}951}952953return Collections.unmodifiableList(cipherSuites);954}955956static String[] namesOf(List<CipherSuite> cipherSuites) {957String[] names = new String[cipherSuites.size()];958int i = 0;959for (CipherSuite cipherSuite : cipherSuites) {960names[i++] = cipherSuite.name;961}962963return names;964}965966boolean isAvailable() {967// Note: keyExchange is null for TLS 1.3 CipherSuites.968return !supportedProtocols.isEmpty() &&969(keyExchange == null || keyExchange.isAvailable()) &&970bulkCipher != null && bulkCipher.isAvailable();971}972973public boolean supports(ProtocolVersion protocolVersion) {974return supportedProtocols.contains(protocolVersion);975}976977boolean isNegotiable() {978return this != TLS_EMPTY_RENEGOTIATION_INFO_SCSV && isAvailable();979}980981boolean isAnonymous() {982return (keyExchange != null && keyExchange.isAnonymous);983}984985// See also SSLWriteCipher.calculatePacketSize().986int calculatePacketSize(int fragmentSize,987ProtocolVersion protocolVersion) {988int packetSize = fragmentSize;989if (bulkCipher != null && bulkCipher != B_NULL) {990int blockSize = bulkCipher.ivSize;991switch (bulkCipher.cipherType) {992case BLOCK_CIPHER:993packetSize += macAlg.size;994packetSize += 1; // 1 byte padding length field995packetSize += // use the minimal padding996(blockSize - (packetSize % blockSize)) % blockSize;997if (protocolVersion.useTLS11PlusSpec()) {998packetSize += blockSize; // explicit IV999}10001001break;1002case AEAD_CIPHER:1003if (protocolVersion == ProtocolVersion.TLS12) {1004packetSize +=1005bulkCipher.ivSize - bulkCipher.fixedIvSize;1006}1007packetSize += bulkCipher.tagSize;10081009break;1010default: // NULL_CIPHER or STREAM_CIPHER1011packetSize += macAlg.size;1012}1013}10141015return packetSize + SSLRecord.headerSize;1016}10171018// See also CipherBox.calculateFragmentSize().1019int calculateFragSize(int packetLimit,1020ProtocolVersion protocolVersion) {1021int fragSize = packetLimit - SSLRecord.headerSize;1022if (bulkCipher != null && bulkCipher != B_NULL) {1023int blockSize = bulkCipher.ivSize;1024switch (bulkCipher.cipherType) {1025case BLOCK_CIPHER:1026if (protocolVersion.useTLS11PlusSpec()) {1027fragSize -= blockSize; // explicit IV1028}1029fragSize -= (fragSize % blockSize); // cannot hold a block1030// No padding for a maximum fragment.1031fragSize -= 1; // 1 byte padding length field: 0x001032fragSize -= macAlg.size;10331034break;1035case AEAD_CIPHER:1036fragSize -= bulkCipher.tagSize;1037fragSize -= bulkCipher.ivSize - bulkCipher.fixedIvSize;10381039break;1040default: // NULL_CIPHER or STREAM_CIPHER1041fragSize -= macAlg.size;1042}1043}10441045return fragSize;1046}10471048/**1049* An SSL/TLS key exchange algorithm.1050*/1051static enum KeyExchange {1052K_NULL ("NULL", false, true, NAMED_GROUP_NONE),1053K_RSA ("RSA", true, false, NAMED_GROUP_NONE),1054K_RSA_EXPORT ("RSA_EXPORT", true, false, NAMED_GROUP_NONE),1055K_DH_RSA ("DH_RSA", false, false, NAMED_GROUP_NONE),1056K_DH_DSS ("DH_DSS", false, false, NAMED_GROUP_NONE),1057K_DHE_DSS ("DHE_DSS", true, false, NAMED_GROUP_FFDHE),1058K_DHE_DSS_EXPORT("DHE_DSS_EXPORT", true, false, NAMED_GROUP_NONE),1059K_DHE_RSA ("DHE_RSA", true, false, NAMED_GROUP_FFDHE),1060K_DHE_RSA_EXPORT("DHE_RSA_EXPORT", true, false, NAMED_GROUP_NONE),1061K_DH_ANON ("DH_anon", true, true, NAMED_GROUP_FFDHE),1062K_DH_ANON_EXPORT("DH_anon_EXPORT", true, true, NAMED_GROUP_NONE),10631064K_ECDH_ECDSA ("ECDH_ECDSA", true, false, NAMED_GROUP_ECDHE),1065K_ECDH_RSA ("ECDH_RSA", true, false, NAMED_GROUP_ECDHE),1066K_ECDHE_ECDSA ("ECDHE_ECDSA", true, false, NAMED_GROUP_ECDHE),1067K_ECDHE_RSA ("ECDHE_RSA", true, false, NAMED_GROUP_ECDHE),1068K_ECDH_ANON ("ECDH_anon", true, true, NAMED_GROUP_ECDHE),10691070// Kerberos cipher suites1071K_KRB5 ("KRB5", true, false, NAMED_GROUP_NONE),1072K_KRB5_EXPORT ("KRB5_EXPORT", true, false, NAMED_GROUP_NONE),10731074// renegotiation protection request signaling cipher suite1075K_SCSV ("SCSV", true, true, NAMED_GROUP_NONE);10761077// name of the key exchange algorithm, e.g. DHE_DSS1078final String name;1079final boolean allowed;1080final NamedGroupType groupType;1081private final boolean alwaysAvailable;1082private final boolean isAnonymous;10831084KeyExchange(String name, boolean allowed,1085boolean isAnonymous, NamedGroupType groupType) {1086this.name = name;1087if (groupType == NAMED_GROUP_ECDHE) {1088this.allowed = JsseJce.ALLOW_ECC;1089} else {1090this.allowed = allowed;1091}1092this.groupType = groupType;1093this.alwaysAvailable = allowed && (!name.startsWith("EC"));1094this.isAnonymous = isAnonymous;1095}10961097boolean isAvailable() {1098if (alwaysAvailable) {1099return true;1100}11011102if (groupType == NAMED_GROUP_ECDHE) {1103return (allowed && JsseJce.isEcAvailable());1104} else if (name.startsWith("KRB")) {1105return (allowed && JsseJce.isKerberosAvailable());1106} else {1107return allowed;1108}1109}11101111@Override1112public String toString() {1113return name;1114}1115}11161117/**1118* An SSL/TLS key MAC algorithm.1119*1120* Also contains a factory method to obtain an initialized MAC1121* for this algorithm.1122*/1123static enum MacAlg {1124M_NULL ("NULL", 0, 0, 0),1125M_MD5 ("MD5", 16, 64, 9),1126M_SHA ("SHA", 20, 64, 9),1127M_SHA256 ("SHA256", 32, 64, 9),1128M_SHA384 ("SHA384", 48, 128, 17);11291130// descriptive name, e.g. MD51131final String name;11321133// size of the MAC value (and MAC key) in bytes1134final int size;11351136// block size of the underlying hash algorithm1137final int hashBlockSize;11381139// minimal padding size of the underlying hash algorithm1140final int minimalPaddingSize;11411142MacAlg(String name, int size,1143int hashBlockSize, int minimalPaddingSize) {1144this.name = name;1145this.size = size;1146this.hashBlockSize = hashBlockSize;1147this.minimalPaddingSize = minimalPaddingSize;1148}11491150@Override1151public String toString() {1152return name;1153}1154}11551156/**1157* The hash algorithms used for PRF (PseudoRandom Function) or HKDF.1158*1159* Note that TLS 1.1- uses a single MD5/SHA1-based PRF algorithm for1160* generating the necessary material.1161*/1162static enum HashAlg {1163H_NONE ("NONE", 0, 0),1164H_SHA256 ("SHA-256", 32, 64),1165H_SHA384 ("SHA-384", 48, 128);11661167final String name;1168final int hashLength;1169final int blockSize;11701171HashAlg(String hashAlg, int hashLength, int blockSize) {1172this.name = hashAlg;1173this.hashLength = hashLength;1174this.blockSize = blockSize;1175}11761177@Override1178public String toString() {1179return name;1180}1181}1182}118311841185